Format: 1.8 Date: Wed, 02 Nov 2011 17:23:07 -0700 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: amd64 Version: 2.2.16-1ubuntu3.4 Distribution: maverick Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Steve Beattie Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Launchpad-Bugs-Fixed: 871674 877740 Changes: apache2 (2.2.16-1ubuntu3.4) maverick-security; urgency=low . * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740) - debian/patches/212_CVE-2011-3368.dpatch: return 400 on invalid requests. (patch courtesy of Michael Jeanson) - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http 0.9 protocol - CVE-2011-3368 * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674) - debian/patches/213_CVE-2011-3348.dpatch: return HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested - CVE-2011-3348 * SECURITY UPDATE: mpm-itk failure to drop privileges in certain configurations - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge configurations correctly - CVE-2011-1176 * Include additional fixes for regressions introduced by CVE-2011-3192 fixes - debian/patches/085_CVE-2011-3192_regression_part2.dpatch: take upstream fixes for byterange_filter.c through the 2.2.21 release except for the added MaxRanges configuration option along with a fix staged for 2.2.22. Checksums-Sha1: 3334e5c7de35489c3d4284cadd16fbf624ef76bb 310754 apache2.2-common_2.2.16-1ubuntu3.4_amd64.deb 011e7cfba86423826ca84521d68f91880c0b4de2 2721944 apache2.2-bin_2.2.16-1ubuntu3.4_amd64.deb 1452226c201693d5085269baf3d0a09a101f6d3e 2328 apache2-mpm-worker_2.2.16-1ubuntu3.4_amd64.deb c011e0ad4498c011c8be2ebbb974c91b729363bc 2388 apache2-mpm-prefork_2.2.16-1ubuntu3.4_amd64.deb f2077802e34efa721dab4a5f7674397171b17c03 2360 apache2-mpm-event_2.2.16-1ubuntu3.4_amd64.deb ee0a4c260956766786b2cdbb4b64174f8195e356 2380 apache2-mpm-itk_2.2.16-1ubuntu3.4_amd64.deb ac210b50ef92186b48e761cd16c9e5d58eebe44a 166374 apache2-utils_2.2.16-1ubuntu3.4_amd64.deb 78e212957a4b524c9ee526c3aa5f6be188f1b6da 62364 apache2-suexec_2.2.16-1ubuntu3.4_amd64.deb e7e3669aa4b2ca9826ada7d566e6f9ae1f36ebd0 64018 apache2-suexec-custom_2.2.16-1ubuntu3.4_amd64.deb ec4f47769fec1b0bc3a39907ba1e6b6bd457ef33 1482 apache2_2.2.16-1ubuntu3.4_amd64.deb c6c8b340f4a9460a52804792dc0f1ad635abc53c 137668 apache2-prefork-dev_2.2.16-1ubuntu3.4_amd64.deb 07b1e1ce4a9824a5b5b34f5e28c6eb1a1761aba8 138746 apache2-threaded-dev_2.2.16-1ubuntu3.4_amd64.deb Checksums-Sha256: 04593f1d587c3f1a46531739ce2da2be4e91e63711750a1b222e57589394402b 310754 apache2.2-common_2.2.16-1ubuntu3.4_amd64.deb fcb9e2d96f98732a9dcb3e30b7ccb0a5ec444ae97c4536ef5c0924be84dcddf4 2721944 apache2.2-bin_2.2.16-1ubuntu3.4_amd64.deb aa90f377188b0ee37126ba4d81a3622fef9846e559020912f7fc4a1ce66cb2d0 2328 apache2-mpm-worker_2.2.16-1ubuntu3.4_amd64.deb 6d9f097278d180232b54e8433e23aab244bcfa545aa2187367a16ca76f85ced1 2388 apache2-mpm-prefork_2.2.16-1ubuntu3.4_amd64.deb 46efe1b99145cbc7bec3a069164bf905955c0eda697c994894d72a9662f5a654 2360 apache2-mpm-event_2.2.16-1ubuntu3.4_amd64.deb a8009788afd83a2bf518825890adbfee8bad71d9b3616ad88f42c25bf48596c6 2380 apache2-mpm-itk_2.2.16-1ubuntu3.4_amd64.deb c2b0229a3a1e0856e3f3716a5a5f3932a197e32f2cbac193ce4ecd542511b3a3 166374 apache2-utils_2.2.16-1ubuntu3.4_amd64.deb 73d69873bd594204905f7bfd1ede9aaf8e8222d676be78e4ebef0057cfe7614b 62364 apache2-suexec_2.2.16-1ubuntu3.4_amd64.deb ca7d96636cba0ce48067f6186f63226ac9b33e43b2daa1b64dc0a13a70299437 64018 apache2-suexec-custom_2.2.16-1ubuntu3.4_amd64.deb bb7c933ed47252df7b24b9239756f2dc514d5bf5caa5c3ab86ad6a5809410897 1482 apache2_2.2.16-1ubuntu3.4_amd64.deb 0b9f01b07696ff2aebcebb93ea5d9eebb837e0f72560c78df6597b495c0cdc25 137668 apache2-prefork-dev_2.2.16-1ubuntu3.4_amd64.deb 8659f7a6be704798ef31fa54af98ac973554e42dcb04b874b45d4e8662d7c2c7 138746 apache2-threaded-dev_2.2.16-1ubuntu3.4_amd64.deb Files: be9ea59d940912e6e97194b350009042 310754 httpd optional apache2.2-common_2.2.16-1ubuntu3.4_amd64.deb 0d86be034a4cc95bce2a9dcc247720f4 2721944 httpd optional apache2.2-bin_2.2.16-1ubuntu3.4_amd64.deb 7ffb8572f0eeb4e4c7ce6c708cab096a 2328 httpd optional apache2-mpm-worker_2.2.16-1ubuntu3.4_amd64.deb 33be861bf6349f53e8902b7e2416aa0a 2388 httpd optional apache2-mpm-prefork_2.2.16-1ubuntu3.4_amd64.deb 10ec15a34ca1880e3ba54e2a073e94b4 2360 httpd optional apache2-mpm-event_2.2.16-1ubuntu3.4_amd64.deb abcb8299d7f2ff3513c8a5840f4b7c09 2380 httpd extra apache2-mpm-itk_2.2.16-1ubuntu3.4_amd64.deb 0c4b3843edf056b16c010349491155c2 166374 httpd optional apache2-utils_2.2.16-1ubuntu3.4_amd64.deb 82120f92565dad1d6b52799716409f0b 62364 httpd optional apache2-suexec_2.2.16-1ubuntu3.4_amd64.deb bf75880c636f1c45e73b9f1ef71231ce 64018 httpd extra apache2-suexec-custom_2.2.16-1ubuntu3.4_amd64.deb f44f4c1d0a7e0c40d452a1b01a918d03 1482 httpd optional apache2_2.2.16-1ubuntu3.4_amd64.deb 0b0bfa45f643de460b545f4a419ef1e4 137668 httpd extra apache2-prefork-dev_2.2.16-1ubuntu3.4_amd64.deb 4bdbb1209d82ac64f6cde688c6a857a4 138746 httpd extra apache2-threaded-dev_2.2.16-1ubuntu3.4_amd64.deb Original-Maintainer: Debian Apache Maintainers Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2